License-based cryptographic technique, particularly suited for use in a digital rights management system, for controlling access and use of bore resistant software objects in a client computer

1. In a networked client-server environment, apparatus for use in conjunction with a digital rights management system, the apparatus comprising: a client computer connected to the network, the client computer having: a processor; a memory having computer executable instructions stored therein; and an enforcer, contained within the digital rights management system, for controlling use of watermarked software objects, wherein the enforcer stores a predefined watermark key which defines a specific one of a plurality of identical watermarks embedded in the watermarked software object with different watermark keys to be used by the enforcer in subsequently controlling use of each one of said watermarked software objects, and wherein the predefined watermark key expires after a predefined period of time elapses since said predefined watermark key was initially stored in the enforcer; wherein the processor, in response to the stored executable instructions: establishes a network connection to a watermark key; issues a request to the server for a new watermark key; and utilizes either the predefined watermark key or the new watermark key, as received from the server, for the predefined watermark key for subsequent use in controlling access to the watermarked software objects until such time as the predefined key has expired after which the new watermark key is used instead; and the server, connected to the network, which, in response to the request: selects, if the predefined watermark key has not been revoked for the client computer, another one of predefined plurality of predetermined watermark keys for use in controlling access to the software watermarks objects as the new watermark key; sends the new watermark key to the client computer; and if the predefined watermark key has been revoked, does not supply the new watermark key to the client computer.

2. The apparatus in claim 1 wherein the network connection comprises a secure connection.

3. The apparatus in claim 2 wherein the server is associated with a publisher of any one of the watermarked software objects or a vendor of said one object, or a watermarking authority.

4. The apparatus in claim 3 wherein: the client computer, in response to the stored instructions and in conjunction with the request, also supplies the server with an existing certificate for predefined public key associated with the client computer; and the server, if the existing certificate for the public key has not been revoked by the server, provides the client computer with the new watermark key.

5. In a networked client-server environment, a method for use in conjunction with a digital rights management system, in a client computer connected to a network, the client computer having: a processor; a memory having computer executable instructions stored therein; and an enforcer, contained within the digital rights management system, for controlling use of watermarked software objects, wherein the enforcer stores a predefined watermark key which defines a specific one of a plurality of identical watermarks embedded in the watermarked software object with different watermark keys to be used by the enforcer in subsequently controlling use of each one of said watermarked software objects, and wherein the watermark key expires after a predefined period of time elapses since said key was initially stored in the enforcer; wherein the method comprises the steps, upon expiration of the watermark key, performed by the processor, in response to the stored executable instructions, of: establishing a network connection to a server; issuing a request to the server for a new watermark key; and utilizes either the predefined watermark key or the new watermark key, as received from the server, for the predefined watermark key for subsequent use in controlling access to the watermarked software objects until such time as the predefined watermark key has expired after which the new watermark key is used instead; and in the server, connected to the network and, in response to the request, the steps of: selecting, only if the predefined watermark key has not been revoked for the client computer, another one of a predefined plurality of predetermined watermark keys for use in controlling access to the software watermarks objects as the new watermark key; sending the new watermark key to the client computer; and if the predefined watermark key has been revoked, not sending the new watermark key to the client computer.

6. The method in claim 5 wherein the network connection comprises a secure connection.

7. The method in claim 6 wherein the server is associated with a publisher of any one of the watermarked software objects or a vendor of said one object, or a watermarking authority.

8. The method in claim 7 further comprising the steps of: in the client computer and in response to the stored instructions and in conjunction with the request: supplying the server with an existing certificate for a predefined public the client computer; and in the server, if the existing key associated with certificate for the public key has not been revoked by the server, providing the client computer with a new certificate, for the new watermark key.

9. In a networked client-server environment, apparatus for obtaining a water ark key for use in a digital rights management system, the apparatus comprising: a client computer connected to the network, the client computer having: a processor, a memory having computer executable instructions stored therein; and an enforcer, contained within the digital rights management system, for controlling use of watermarked software objects, wherein the enforcer is capable of storing a predefined watermark key which defines a specific one of a plurality of identical watermarks embedded in the watermarked software object with different watermark keys to be used by the enforcer in subsequently controlling use of each one of said watermarked software objects; wherein, if the enforcer does not then possess the watermark key, the processor, in response to the stored executable instructions: establishes a network connection to a server; issues a request to the server for a watermark key; and stores the watermark key, received from the server, within the enforcer for subsequent use in controlling access to watermarked software objects; and the server, connected to the network, which, in response to the request: selects, one of the a predefined plurality of predetermined watermark keys for use in controlling access to the software watermarked objects as the watermark key; downloads the watermark key to the client computer.

10. The apparatus in claim 9 wherein the request contains a public key associated with the client computer and the server, in response to the request: encrypts the watermark key using the public key of the client computer so as to yield the encrypted key; and downloads the encrypted key to the client computer as the watermark key; and the client computer: upon receipt of the watermark key, decrypts the encrypted key using a private key associated with the client computer so as to yield a decrypted key; and stores the decrypted key as the watermark key.

11. The apparatus in claim 10 wherein the network connection comprises a secure connection.

12. The apparatus in claim 11 wherein the server is associated with a publisher of any one of the watermarked software objects or a vendor of said one object, or a watermarking authority.

13. In a networked client-server environment, a method for obtaining a watermark key for use in a digital rights management system, in a client computer connected to a network, the client computer having: a processor, a memory having computer executable instructions stored therein; and an enforcer, contained within the digital rights management system, for controlling use of watermarked software objects, wherein the enforcer is capable of storing a predefined watermark key which defines a specific one of a plurality of identical watermarks embedded in the watermarked software object with different watermark keys to be used by the enforcer in subsequently controlling use of each one of said watermarked software objects; wherein the method comprises the steps, performed by the processor if the enforcer does not then possess the watermark key and in response to the stored executable instructions, of: establishing a network connection to a server; issuing a request to the server for a watermark key; and storing the watermark key, received from the server, within the enforcer for subsequent use in controlling access to watermarked software objects; and in the server, connected to the network and in response to the request: selecting, one of a predefined plurality of predetermined watermark keys for use in controlling access to the software watermarked objects as the watermark key; downloading the watermark key to the client computer.

14. The method in claim 13 , wherein the request contains a public key associated with the client computer, comprising the steps of: in the server, in response to the request: encrypting the watermark key using the public key of the client computer so as to yield the encrypted key; and downloading the encrypted key to the client computer as the watermark key; and in the processor, in response to the stored instructions: upon receipt of the watermark key, decrypting the encrypted key using a private key associated with the client computer so as to yield a decrypted key; and storing the decrypted key as the watermark key.

15. The method in claim 14 wherein the network connection comprises a secure connection.

16. The method in claim 15 wherein the server is associated with a publisher of any one of the watermarked or a software objects or a vendor of said one object, watermarking authority.